<?
require "include/bittorrent.php";
dbconn();

$id = (int)$_GET["id"];
$md5 = $_GET["secret"];
$email = urldecode($_GET["email"]);

if (!$id)
	error("Invalid ID.");

$res = query("SELECT editsecret FROM users WHERE id = $id");
$row = mysql_fetch_array($res);

if (!$row)
	error("Invalid ID.");

$sec = hash_pad($row["editsecret"]);
if (preg_match('/^ *$/s', $sec))
	error("Invalid secret.");
if ($md5 != md5($sec . $email . $sec))
	error("Incorrect secret.");

query("UPDATE users SET editsecret='', email=" . sqlesc($email) . " WHERE id=$id AND editsecret=" . sqlesc($row["editsecret"]));

if (!mysql_affected_rows())
	error("Confirmation failed.");

header("Refresh: 0; url=../../../my.php?emailch=1");
?>